Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
What is a TPSP? 
An organization that has the responsibility to protect card data and may leverage a TPSP to support them ...
Industries relevant to cardholder data 
• 
Payment gateways 
• 
Payment processors 
• 
Colocation services 
• 
Cloud infra...
What to consider when engaging with a TPSP:
Set Expectations 
Define, agree upon, and document expectations, at least annually and after a change in services.
Gain Transparency Scope 
Take reasonable steps to determine that the scope of what is provided by a service provider is ap...
Establish Communications 
Consider establishing a communications schedule.
Request Evidence 
To verify that appropriate procedures were followed and controls deployed to support changes.
Obtain Information about PCI DSS Compliance 
Validation documentation should be provided at least annually as evidence of ...
PCI DSS compliance is a continuous process, not just a point in time exercise
Learn more about working with TPSPs 
Request a PCI Consultation
5 Things to Consider When Engaging With a Third-Party Service Provider
Upcoming SlideShare
Loading in …5
×

5 Things to Consider When Engaging With a Third-Party Service Provider

2,178 views

Published on

What is a Third-Party Service Provider, or TPSP?

It is an organization that has the responsibility to protect card data and may leverage a TPSP to support them in card-processing activities or to secure card data

Published in: Business
  • My brother found Custom Writing Service ⇒ www.HelpWriting.net ⇐ and ordered a couple of works. Their customer service is outstanding, never left a query unanswered.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • ⇒ www.WritePaper.info ⇐ is a good website if you’re looking to get your essay written for you. You can also request things like research papers or dissertations. It’s really convenient and helpful.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

5 Things to Consider When Engaging With a Third-Party Service Provider

  1. 1. What is a TPSP? An organization that has the responsibility to protect card data and may leverage a TPSP to support them in card-processing activities or to secure card data
  2. 2. Industries relevant to cardholder data • Payment gateways • Payment processors • Colocation services • Cloud infrastructure • Managed security services • Encryption or tokenization services • Application hosting • Managed firewall/router service providers
  3. 3. What to consider when engaging with a TPSP:
  4. 4. Set Expectations Define, agree upon, and document expectations, at least annually and after a change in services.
  5. 5. Gain Transparency Scope Take reasonable steps to determine that the scope of what is provided by a service provider is appropriate and aligned.
  6. 6. Establish Communications Consider establishing a communications schedule.
  7. 7. Request Evidence To verify that appropriate procedures were followed and controls deployed to support changes.
  8. 8. Obtain Information about PCI DSS Compliance Validation documentation should be provided at least annually as evidence of PCI DSS compliance.
  9. 9. PCI DSS compliance is a continuous process, not just a point in time exercise
  10. 10. Learn more about working with TPSPs Request a PCI Consultation

×